User Management

Energylogserver SIEM Platform

Energylogserver SIEM provides essential user management capabilities to support security operations teams with appropriate access controls and user lifecycle management.

Note: Advanced authentication methods (LDAP, SAML, RADIUS) are covered in Configuration. This chapter focuses on practical user lifecycle and role management.

Table of Contents

  1. User Lifecycle Management

  2. Role-Based Access Control

  3. User Operations

  4. Session Management

  5. Compliance and Auditing

User Lifecycle Management

User Creation

Standard User Creation:

Navigate to ELS Console → Security → User Management

Required fields:

  • Username: Unique identifier (3-50 characters)

  • Email: Valid email for notifications

  • Full Name: Display name

  • Role: Primary role assignment

  • Department: Organizational unit

Bulk User Import:

For enterprise deployments, prepare a CSV file in the following format:

username,email,full_name,role,department,status
john.doe,john.doe@company.com,John Doe,analyst,security,active
jane.smith,jane.smith@company.com,Jane Smith,admin,it,active

Upload via Bulk Import → Upload CSV → Review → Confirm
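
A pre-upload check for the bulk import CSV above, as an added example (not Energylogserver code): it enforces the 3-50 character unique username rule, validates each row, and lists admin rows for manual review before the file is uploaded. The role and status identifiers other than admin, analyst and active, the case-insensitive uniqueness check, and the name validate_import are assumptions.

```python
import csv
import io
import re

HEADER = ["username", "email", "full_name", "role", "department", "status"]
# Assumed identifiers: only "admin", "analyst" and "active" appear on the page.
ALLOWED_ROLES = {"admin", "analyst", "incident_responder", "viewer"}
ALLOWED_STATUS = {"active", "inactive", "suspended", "expired"}
PRIVILEGED_ROLES = {"admin"}  # surfaced for manual review before upload
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # syntax check only

def validate_import(csv_text):
    """Return (errors, privileged): (line_no, message) findings and admin usernames."""
    reader = csv.reader(io.StringIO(csv_text))
    header = next(reader, None)
    if header != HEADER:
        return [(1, "unexpected header: %r" % (header,))], []
    errors, privileged, seen = [], [], set()
    for line_no, row in enumerate(reader, start=2):
        if len(row) != len(HEADER):
            errors.append((line_no, "expected 6 columns, got %d" % len(row)))
            continue
        user, email, _name, role, _dept, status = (c.strip() for c in row)
        if not 3 <= len(user) <= 50:
            errors.append((line_no, "username must be 3-50 characters"))
        if user.lower() in seen:  # case-insensitive uniqueness (assumption)
            errors.append((line_no, "duplicate username %r" % user))
        seen.add(user.lower())
        if not EMAIL_RE.match(email):
            errors.append((line_no, "invalid email %r" % email))
        if role not in ALLOWED_ROLES:
            errors.append((line_no, "unknown role %r" % role))
        if status not in ALLOWED_STATUS:
            errors.append((line_no, "unknown status %r" % status))
        if role in PRIVILEGED_ROLES:
            privileged.append(user)
    return errors, privileged

# Constructed sample: the page's two rows plus three deliberately bad ones.
SAMPLE = """username,email,full_name,role,department,status
john.doe,john.doe@company.com,John Doe,analyst,security,active
jane.smith,jane.smith@company.com,Jane Smith,admin,it,active
jd,jd@company.com,J D,analyst,security,active
John.Doe,john2@company.com,John Doe,viewer,it,enabled
eve,eve-at-company.com,Eve,root,it,active
"""
if __name__ == "__main__":
    errs, admins = validate_import(SAMPLE)
    print(*("line %d: %s" % e for e in errs), sep="\n")
    print("privileged accounts to review:", admins)
```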

User Modification

Profile Updates:

  • Users can modify: name, email, personal preferences

  • Administrators can modify: roles, status, department assignments

Status Management:

  • Active: Full system access

  • Inactive: Temporarily disabled (leave, vacation)

  • Suspended: Security-related suspension

  • Expired: Past expiration date

User Deactivation

Recommended Process:

  1. Set status to “Inactive” (preserves audit trail)

  2. Transfer ownership of shared dashboards/alerts

  3. Export user activity if required

  4. Archive after organization retention period

Role-Based Access Control

Predefined Roles

Administrator:

  • Complete system administration

  • User and role management

  • System configuration

  • All SIEM functions

Security Analyst:

  • Dashboard access and creation

  • Alert investigation and management

  • Search operations (basic and advanced)

  • Report generation

Incident Responder:

  • Enhanced investigation tools

  • Case management access

  • Threat hunting capabilities

  • Response automation

Viewer:

  • Read-only dashboard access

  • Basic search functionality

  • Report viewing

  • No configuration changes

Custom Role Creation

Process:

  1. Navigate to Role Management → Create New Role

  2. Define role properties:

    • Name: Descriptive identifier

    • Description: Purpose and scope

    • Department: Organizational alignment

  3. Permission Assignment:

     Permission Category | Available Options
     Dashboards          | View, Create, Edit, Delete, Share
     Alerts              | View, Acknowledge, Create, Modify
     Search              | Basic, Advanced, Export, Historical
     Administration      | Users, Config, Integrations, Audit

Permission Matrix

Function

Admin

Incident Responder

Analyst

Viewer

User Management

Dashboard Creation

Alert Management

Limited

Advanced Search

Limited

System Config

API Access

Limited

Limited

Read-only

Legend: Full Access | Limited Access | No Access

Field level security

You can restrict access to specific fields in documents for a user role. For example, the user can view only specific fields in the Discovery module; all other fields are inaccessible to that user. To do this:

  1. Add the index to the field includes or field excludes in the Create Role tab.

    • Includes: only these fields will be visible to the user.

    • Excludes: these fields will not be visible to the user.

  2. After that, you will see the new role in the Role list tab.

  3. Add your user to the new role.

You can now log in as a user with the new role; in the Discovery module, that user should see only the selected fields.